Welcome to Prism Healthcare Intelligence

Introduction
Prism Healthcare Intelligence, a division of Communications Formedic, Inc. (“Prism”) is dedicated to maintaining the accuracy, confidentiality, security and privacy of personal information. We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the goods and services we provide. We are also open and transparent as to how we handle personal information. As an organization that handles personal information on a daily basis, we are conscious of our continued responsibility to respect personal privacy, safeguard confidentiality, and implement appropriate security and personnel measures. Our company and employees comply with all federal and provincial laws respecting privacy and has adopted our Privacy Policy based on the principles set out in Schedule 1 of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

All data collected will be specified as to the reason for collection. PRISM only collects data by fair and lawful means. All communications from PRISM will include a method (such as a link or fax number) that can be used to unsubscribe to further communications about a particular research study at any time. PRISM does not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.

PRISM’s Privacy Principals

PRISM is committed to the protection of the personal information of individuals with whom it comes into contact. Accordingly, PRISM adheres to the principles set out below (the "Privacy Principles"). The Privacy Principles are based on the principles set out in Schedule 1 of the Personal Information Protection and Electronic Documents Act (Canada). "Personal Information", as used in this Code, means information about an identifiable individual, but does not include the name, title or business address or telephone of an employee of an organization.

1. Principle - Accountability
PRISM is responsible for the personal information under its control and has designated an individual as its Privacy Officer who shall be accountable for the organization's compliance with the following principles.
- 1.1 Accountability rests with the Privacy Officer of PRISM, even though other individuals with the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other individuals may be delegated to act on behalf of the designated individual.
- 1.2 PRISM shall make known, upon request, the identity, title and contact information of the person designated to oversee PRISM's compliance with its policy.
- 1.3 PRISM is responsible for personal information in its possession or control. As such, PRISM will use appropriate means to ensure that all existing and future contracts ensure a level of privacy protection equal to PRISM's policies when information is being processed by third parties.
- 1.4 PRISM shall implement policies and practices to give effect to these principles, including;
  1. The establishment of procedures to quickly receive and respond to complaints and inquiries;
  2. Training and communicating to staff about PRISM's policies and practices;
  3. and Developing information to explain PRISM's policies and practices.

2. Principle - Identifying Purposes

PRISM shall identify the purposes for which personal information is collected at or before the time the information is collected.

- 2.1 Personal information may be collected, among other purposes, to:
  - Maintain a record of queries, requests for information, complaints and adverse event reports relating to products that we or our clients deliver, and report these to relevant regulatory bodies or other concerned organizations;
  - Administer disease awareness / management programs or other similar programs organized by PRISM or clients of PRISM;
  - Notify clients of matters that PRISM may be required by law to notify clients of (e.g., product recalls);
  - Develop, implement, market and manage PRISM's services and products which we market on behalf of our clients;
  - Send client materials and contact clients regarding products, services or developments which may be of interest;
  - Tailor marketing services to better suit client needs;
  - Administer research organized by clients of PRISM and which any individual may agree to participate in or be involved with;Identify, develop and administer continuing education programs, conferences, symposia, expert panels, seminars or other meetings or events organized by PRISM or clients of PRISM;
  - Establish and maintain customer relationships, including: managing, planning and arranging meetings between clients and PRISM sales representatives; and Monitor and review PRISM's compliance with relevant codes of conduct in its dealings with clients or other individuals;
- 2.2 If we plan to use Personal Information we have collected for a purpose not previously identified, we will identify and document this purpose before such use.
- 2.3 PRISM will make reasonable efforts to specify the identified purpose, orally or in writing, to the individual from whom the information is collected either at the time of collection or after collection but before use.

3. Principle - Consent

The knowledge and consent of the individual are required for the collection, use and disclosure of personal information, except where inappropriate.

- 3.1 The way in which we seek consent, including whether it is express or implied consent, may vary depending on the sensitivity of the information and the reasonable expectations of the individual. An individual may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice.
- 3.2 PRISM will typically seek consent for the use or disclosure of personal information at the time of collection, but in certain circumstances consent may be sought after collection but before use. In some circumstances, we may not seek consent if, for example, the personal information is being collected for an obvious reason (such as providing personal information for a product request).
- 3.3 PRISM will only ask individuals to consent to the collection, use or disclosure of personal information as a condition of the supply or purchase of a product, if such use, collection or disclosure is required to fulfill an identified purpose.
- 3.4 In certain circumstances, as permitted or required by law, we may collect, use or disclose personal information without the knowledge and consent of the individual. These circumstances include: Personal information which is subject to solicitor-client privilege or is publicly available as defined by regulation; where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way; to investigate a breach of agreement of a contravention of the law; to act in respect to an emergency that threatens the life, health or security of an individual; for debt collection; or to comply with a subpoena, warrant or court order.

4. Principle - Limiting Collection

PRISM will limit the amount and type of personal information collected to that which is necessary for the purposes identified by PRISM. We will only collection personal information by fair and lawful means.

5. Principle - Limiting Use, Disclosure and Retention
PRISM shall not use or disclose personal information for purposes other than those for which it was collected, except with consent of the individual or as required by law. Personal information shall be retained only as long as is necessary for the fulfillment of those purposes.
- 5.1 PRISM will not disclose personal information about you to any person except in the following circumstances, and then only that information which is necessary.
  - Third parties we use in the ordinary course of our business, such as for conference organizing, marketing, data processing and associated printing and mailing;
  - Companies related to PRISM for the same kinds of purposes as listed above; and
  - Such third parties as otherwise permitted or required by law.
- 5.2 PRISM shall retain personal information only as long as it remains necessary or relevant for the identified purposes, to contribute to our database, or as required by law. In some circumstances where personal information has been utilized to make a decision about an individual, PRISM shall retain that personal information for a period of time that is reasonably sufficient to allow for access by the individual.
- 5.3 Personal information that is no longer required to fulfill an identified purpose shall be erased, destroyed or made anonymous.

6. Principle - Accuracy of Personal Information

PRISM will use its best effort to ensure that personal information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

- 6.1 Personal information used by PRISM shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
- 6.2 PRISM shall not routinely update personal information about individuals, but only as and when necessary to fulfill identified purposes.

7. Principle - Safeguards

PRISM will protect personal information by security safeguards appropriate to the sensitivity of the information.

- 7.1 PRISM shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. PRISM shall protect personal information regardless of the format in which it was held.
- 7.2 Nature of the safeguards taken:
  1. Physical measures - building security, lock boxes, secure rooms, etc.;
  2. Organizational measures - "need to know" basis; and
  3. Technological measures - use of encryption and passwords
- 7.3 PRISM shall make its employees aware of the importance of maintaining the confidentiality of personal information by signing a Secrecy Document as a precondition of full time / part time / or contract employment

8. Principle - Openness

PRISM will make readily available to individuals specific information about its policies and practices relating to the management of personal information.

- 8.1 PRISM shall make information regarding its policies and practices available in a form that is generally understandable, including:
  1. How to gain access to personal information held by PRISM;
  2. The type of personal information held by PRISM, including a general account of its use;
  3. Personal information available to related organizations (affiliates); and
  4. How to contact our Privacy Officer.

9. Principle - Individual Access

Upon written request, PRISM will inform an individual of the existence, use and disclosure of his or her personal information, subject to internal, legal and practical limitations, and we will give the individual access to that information. An individual can challenge the accuracy and completeness of the information and have it amended as appropriate.

- 9.1 PRISM will respond to an individual's written request for information within a reasonable period of time. We may require an individual to provide sufficient information to permit us to provide an account of the existence, use and disclosure of personal information. This information shall be provided in an understandable, timely and low-cost manner from the perspective of the individual.
- 9.2 Should an individual successfully demonstrate any inaccuracy or incompleteness in the records, PRISM will make the appropriate amendments to the information. When a challenge is not resolved to the satisfaction of the individual, a statement of disagreement shall be attached to the individual's records. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
- 9.3 In certain situations, PRISM may not be able to provide access to all the personal information it holds about an individual. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. The reasons for denying access shall be provided by PRISM upon request.

10. Principle - Challenging Compliance

An individual can address a challenge concerning compliance with the above principles to the designated person accountable for PRISM's compliance with the policy.

- 10.1 PRISM will investigate all complaints. If a complaint is found to be justified, PRISM will take appropriate measures, including, if necessary, amending its policies and practices.

PRISM Privacy Principals

How to Contact the Privacy Officer